Class: Soar::Policy::AccessManager::ModelProvider::Stub

Inherits:

Object

• Object
• Soar::Policy::AccessManager::ModelProvider::Stub

Includes:

Jsender

Defined in:

lib/soar/policy/access_manager/model_provider/stub.rb

Instance Method Summary

• #authorized?(service_identifier, resource_identifier, request) ⇒ Hash

  A jsend hash.

• #initialize(meta: {}, policies: {}) ⇒ Stub constructor

  A new instance of Stub.

Constructor Details

#initialize(meta: {}, policies: {}) ⇒ Stub

Returns a new instance of Stub.

Parameters:

• meta (Hash) (defaults to: {}) —

  mapping service identifiers to policy identifiers

• policies, (Hash) —

  policy identifiers map to resource identifiers, that map to an array of authentication_identifiers that are allowed access

# File 'lib/soar/policy/access_manager/model_provider/stub.rb', line 15

def initialize(meta: {}, policies: {})
  @meta = meta
  @policies = policies
end

Instance Method Details

#authorized?(service_identifier, resource_identifier, request) ⇒ Hash

Returns a jsend hash.

Parameters:

• service_identifier (String)
• resource_identifier (String)
• request (Hash)

Returns:

• (Hash) —

  a jsend hash

# File 'lib/soar/policy/access_manager/model_provider/stub.rb', line 26

def authorized?(service_identifier, resource_identifier, request)
  notifications = []
  decision = false

  begin
    if ENV['RACK_ENV'] == 'development'
      notifications << 'Authorized in development environment'
      decision = true
    end

    meta = get_meta(service_identifier)
    policy = meta['policy'] if meta and meta.is_a?(Hash) and meta['policy']

    if policy.nil?
      decision = true
      notifications << 'No policy associated with service'
    else
      decision, detail = ask_policy(policy, request[:authentication_identifier], service_identifier, resource_identifier, request)
      notifications.concat(detail) if not detail.empty?
      notifications << 'Policy rejected authorization request' if not decision
      notifications << 'Policy approved authorization request' if decision
    end
  rescue SoarSr::ValidationError => ex
    notifications << "AccessManager error authorizing #{service_identifier} for #{resource_identifier}: #{ex.message}"
    decision = false
  rescue Exception => ex
    notifications << "AccessManager error authorizing #{service_identifier} for #{resource_identifier}: #{ex.message}"
    decision = false
  end
  success(notifications, { 'approved' => decision } )
end